Commit Graph

683 Commits

Author SHA1 Message Date
Andres Morales dff18174d2 stop including rootdir build.prop
merged with default.prop

Change-Id: I18fcd37ddc63e3607278d0741181d0779118132d
2015-05-08 09:20:13 -07:00
Elliott Hughes e5ce30fed8 Clean up init /proc/cmdline handling.
Helped debug a problem where the N9 bootloader incorrectly
concatenated the various command lines.

Bug: http://b/20906691
Change-Id: I0580b06f4185129c7eedf0bdf74b5ce17f88bf9c
2015-05-07 11:02:08 -07:00
Elliott Hughes 5138958cb3 Merge "Enable property expansion for insmod" 2015-05-04 22:54:10 +00:00
Paul Lawrence 806d10be23 Securely encrypt the master key
Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.

Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.

This is one of four changes to enable this functionality:
  https://android-review.googlesource.com/#/c/148586/
  https://android-review.googlesource.com/#/c/148604/
  https://android-review.googlesource.com/#/c/148606/
  https://android-review.googlesource.com/#/c/148607/

Bug: 18151196

Change-Id: I6a8a18f43ae837e330e2785bd26c2c306ae1816b
2015-04-28 15:34:10 -07:00
Nick Kralevich d34e407aeb init: remove support for disabled SELinux
Remove support for androidboot.selinux=disabled. Running with SELinux
disabled is not a supported configuration anymore. SELinux must be
in enforcing in shipping devices, but we also support permissive for
userdebug/eng builds.

Don't try security_setenforce() if we're already in enforcing mode.
A kernel compiled without CONFIG_SECURITY_SELINUX_DEVELOP does
not have a permissive mode, so the kernel will already be enforcing
once the policy is loaded.

Bug: 19702273
Change-Id: I07525a017ddb682020ec0d42e56a2702c053bdeb
2015-04-28 13:11:07 -07:00
Paul Lawrence 2b3a493946 Merge "Revert "Securely encrypt the master key"" 2015-04-28 19:15:40 +00:00
Paul Lawrence 7ac2807546 Revert "Securely encrypt the master key"
This reverts commit 4bf1887c78.

Change-Id: Ie6d1f39de530b99b50a27ddc45bcc900a24e04b5
2015-04-28 19:15:01 +00:00
Paul Lawrence 6e8c8f542d Merge "Revert "Only run vold command when file encryption enabled"" 2015-04-28 19:14:45 +00:00
Paul Lawrence 34276a1534 Revert "Only run vold command when file encryption enabled"
This reverts commit efe190e023.

Change-Id: Ib15af9a85b0b885a388bda28511a6fc39a777264
2015-04-28 19:12:35 +00:00
Paul Lawrence a71ef0d5b5 Merge "Only run vold command when file encryption enabled" 2015-04-28 15:24:10 +00:00
Paul Lawrence 9234b169e6 Merge "Securely encrypt the master key" 2015-04-27 20:08:53 +00:00
Emmanuel Berthier ac41230cbc Enable property expansion for insmod
Useful for dynamic kernel module location.
This permits to use init rule like:

  insmod ${persist.modules.location}/<module_name>

Change-Id: If7479bdcb4e69ea7666f52a0075c785be025c2e9
Signed-off-by: Emmanuel Berthier <emmanuel.berthier@intel.com>
2015-04-27 13:50:09 +02:00
Nick Kralevich f667a3247a init: get rid of the remaining double mounts
Don't double mount /dev and its subdirectories anymore. Instead, the
first stage init is solely responsible for mounting it.

Don't have init prepare the property space. This is the responsibility
of the second stage init.

Don't have SELinux use the property space to determine how we should
be running. Instead, create a new function and extract the data we
need directly from /proc/cmdline. SELinux needs this information in
the first stage init process where the property service isn't available.

Change-Id: I5b4f3bec79463a7381a68f30bdda78b5cc122a96
2015-04-25 18:29:26 -07:00
Nick Kralevich e34577ce1b init: use SELinux /dev/null if available
SELinux provides it's own /dev/null character device at
/sys/fs/selinux/null. This character device is exactly the same
as /dev/null, including the same major/minor numbers, and can
be used wherever /dev/null is used.

Use /sys/fs/selinux/null instead of trying to create our own
/dev/__null__ device. This moves us one step closer to eliminating
all uses of mknod() by init.

/sys/fs/selinux/null is only available once the /sys/fs/selinux filesystem
is mounted. It's not available to the first stage init, so we
still have to fall back to mknod then.

Change-Id: Ic733767ea6220a130537de33cc478ae79578ce20
2015-04-25 16:48:23 -07:00
Nick Kralevich 178299fd45 Merge "init: don't double mount /proc and /sys" 2015-04-25 23:11:27 +00:00
Nick Kralevich 9dec93bfeb init: don't double mount /proc and /sys
The first stage init mounts /proc and /sys, and then the second
stage init also mounts /proc and /sys on top of the existing mount.
Only mount these two directories once, in the first stage init.

Not yet fixed: the double mounting of /dev. Removing the double
mounting doesn't work right now because both init stages are trying
to create a property space, and if the double mount of /dev goes away,
the property service in the second stage init fails to work.

Change-Id: I13719027a47526d074390c2b1a605ad99fb43a8f
2015-04-25 15:50:03 -07:00
Nick Kralevich eedbe81f75 init: fix write_file checkreqprot logic error
write_file() returned -errno on error, not -1. Callers who check for
-1 would falsely believe that the write was successful when it wasn't.
Fixup write_file so that it return -1 on error consistent
with other functions.

Change-Id: Ic51aaf8678d8d97b2606bd171f11b3b11f642e39
2015-04-25 15:36:13 -07:00
Nick Kralevich a1f6a4b139 init: remove mkdir /dev /proc /sys
These directories are already present in the initial ramdisk, and
these mkdir calls are no-ops.

Change-Id: I528f9e96a3471de904845a2f9e09c1b6ff83a708
2015-04-25 13:48:26 -07:00
Elliott Hughes 929f407076 Switch init to epoll.
Not just because it's what the cool kids are doing --- it also lets us
simplify the inner loop and decouple it from whatever systems want to
be woken to perform some activity if there's data to be read on some fd.

Currently this is just used to clean up the existing signal handling,
keychord, and property service code.

Change-Id: I4d7541a2c4386957ad877df69e3be08b96a7dec5
2015-04-24 21:13:44 -07:00
Elliott Hughes c6c26ed781 Clean up property service initialization.
All the code that was being delayed does is create a socket. We can
do that straight away, avoid the overhead, and simplify our main loop.

The keychord fd, on the other hand, seems a little tricky. It looks
like /dev/keychord isn't immediately available, at least not on N9;
we have to wait for ueventd to set us up the bomb.

Change-Id: I020e75b8e4b233497707f0a3cbbb6038b714161f
2015-04-24 19:15:20 -07:00
Elliott Hughes 9042cae40b Clean up init signal handling a little.
We can set it up earlier, and error reporting like this helped me find
the SELinux problem with the last change to this code.

Change-Id: If0f38bc5ff0465c4030e2d39d34f31f49b2d8487
2015-04-24 17:43:21 -07:00
Elliott Hughes 662baefbb7 Merge "Setup signal handler before any exec command" 2015-04-25 00:24:55 +00:00
Elliott Hughes c7ca9dd6c8 Revert "Revert "Remove now-unusable 'setcon' command.""
This reverts commit b862bd00a4.

This change was fine but an earlier change it depended on was broken.
That change has been fixed and resubmitted.

Bug: http://b/19702273
Change-Id: I17e565721026e48e2a73526f729f2481d4d6edb5
2015-04-24 12:41:47 -07:00
Elliott Hughes f65730e620 Revert "Revert "Make init re-exec itself for its SELinux domain transition.""
This reverts commit 4217374611.

It turns out that the kernel passes any unrecognized arguments on to init,
and (at least) N6 and N9 have such arguments. My lazy check of argc was
thus insufficient to recognize what stage of init we were in, so we'd
skip to stage 2 and not set up SELinux. And apparently you can get a
very long way with SELinux off... We'll fix that in a later change.

Bug: 19702273
Change-Id: I43b3fb722fed35dd217cb529cbcac9a29aff4e4b
2015-04-24 12:26:05 -07:00
Tom Cherry 1225a61f0a init: consider all platform devices for find_platform_device
Certain platforms list their platform devices with a path other than
the current /devices or /devices/platform.  Additionally, sometimes
these paths are a platform device themselves.  An example are devices
with a path /devices/soc.0/... where /devices/soc.0 is also a platform
devices.

Instead of continuing to special case these path prefixes, we can
consider the entire path, given that no mmc or usb devices create
platform devices as subdevices, which they should not by their very
nature.

This keeps the symlinks for block devices named identically for
current platform devices and places them in /dev/block/<full path to
device> for devices in locations other than /devices or
/devices/platform, eg /dev/block/platform/soc.0/7824900.sdhci

This keeps the symlinks for character deviced named identically for
all cases.

Change-Id: Ifc8eedf1086db1826dbc8f7e96cdfcfa5da876b3
2015-04-23 15:04:06 -07:00
Paul Lawrence 4bf1887c78 Securely encrypt the master key
Remove unencrypted link since it is easier to manage directly
Move creation of key to vold
Start vold early so this is possible in a timely fashion

This is one of four changes to enable this functionality:
  https://android-review.googlesource.com/#/c/144586/
  https://android-review.googlesource.com/#/c/144663/
  https://android-review.googlesource.com/#/c/144672/
  https://android-review.googlesource.com/#/c/144673/

Bug: 18151196
Change-Id: Idb17d1f1a724c6ec509d181ae4427113e9d3b5e6
2015-04-23 10:23:03 -07:00
Paul Lawrence efe190e023 Only run vold command when file encryption enabled
Avod slowing other boot times

Change-Id: I4862312ea90d8a1e67d9a755a75f708f5e82cbc5
2015-04-23 10:23:03 -07:00
Johan Redestig 4f673306fc Setup signal handler before any exec command
Fixes init deadlock when an exec command was called
in an on-init section.

The exec command handling relies on that the signal handler
mechanism is working to know when to continue executing
commands.

Change-Id: Ib0ce75ffad7cf3bf926c93d0506b2fe3e5a92630
2015-04-18 14:18:25 +02:00
Elliott Hughes 95f709a9f5 Don't try to read /system/default.prop.
It doesn't exist. We use /system/build.prop.

Change-Id: Ie635f9b3cc65de807f128339199b853db5a8eb2f
2015-04-15 17:05:23 -07:00
Tom Cherry ae392cf609 Fix memory leak in parse_action
Change-Id: I3ed1da5674ae0b4ac50c1925e4f63af7f1748483
2015-04-13 13:37:20 -07:00
Mohamad Ayyash 030ef35966 Revert "Revert "fs_mgr_verity: Add support for squashfs""
This reverts commit 7b97c7a3fa.

Change-Id: Id47e70479fe9247b7936f2e54d4dbfbb4f63f635
2015-04-08 18:08:00 -07:00
Mohamad Ayyash e322ae1996 Merge "Revert "fs_mgr_verity: Add support for squashfs"" 2015-04-08 19:34:10 +00:00
Mohamad Ayyash 7b97c7a3fa Revert "fs_mgr_verity: Add support for squashfs"
This reverts commit 807f47004f.

Change-Id: I2d7972c0828c842b44747dd08fbe44668f2a55db
2015-04-08 19:31:00 +00:00
Mohamad Ayyash 70f81ceeeb Merge "fs_mgr_verity: Add support for squashfs" 2015-04-08 19:02:11 +00:00
Sami Tolvanen 284c5cb2a1 Merge "Set verity mode as the verified property value" 2015-04-07 08:45:24 +00:00
Mohamad Ayyash 807f47004f fs_mgr_verity: Add support for squashfs
- Cleanup the code to get filesystem size in a block device
- Add support to reading size of squashfs in a block device

Change-Id: I3848a705ed4dc2fc9afad20331f0fdecfee545c5
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
2015-04-06 16:20:26 -07:00
Elliott Hughes e2837a9107 Remove execonce.
Use 'exec' instead.

Change-Id: I1320d1971f7cd8b23753c27aa87089006e112a11
2015-04-03 09:06:52 -07:00
Elliott Hughes a57fb596f3 Merge "Remove no-op "capabilities"." 2015-04-01 18:37:06 +00:00
Paul Lawrence 27cda9a535 Merge "Revert "Revert "Adding e4crypt support""" 2015-04-01 17:40:38 +00:00
Elliott Hughes b022b8428c Remove no-op "capabilities".
This never worked, and implementing it would just be an attempt to cling to
the pre-SELinux past.

Change-Id: Iecba2affa50ee49ccf62677a607bfae95cb0aaf7
2015-04-01 10:20:52 -07:00
Paul Lawrence b8c9d273a0 Revert "Revert "Adding e4crypt support""
Fix build break caused by original change

This reverts commit 84b0bab58f.

Change-Id: I99fbd7c3d1ed92db1f546033c8493bb71a327924
2015-03-31 13:02:13 -07:00
Sami Tolvanen 454742392f Set verity mode as the verified property value
Set the verity mode as the value for partition.%s.verified to make it
easier for userspace to determine in which mode dm-verity was started.

Change-Id: Icc635515f8a8ede941277aed196867351d8387cb
2015-03-31 09:12:00 +01:00
Elliott Hughes 9efd95b029 Build init with clang.
Change-Id: I14d95b3fe0505dd7d7632e2eedc537f97553c715
2015-03-30 14:37:11 -07:00
Elliott Hughes 59abac27cb Clarify a few things about bootcharts.
Make it clearer in dmesg when we're deliberately not doing
bootcharting, and explain in the documentation that the output
for init is quite misleading (and, as far as I can tell, not
within our power to fix).

Change-Id: I0b22a56f83521d64c6d176dc423c81f7ea86b23c
2015-03-28 12:12:51 -07:00
Elliott Hughes 56a0656ed9 Further cleanup of the logic in device_init.
Change-Id: I96e4b11894926b50792b9b7d7cfa0fe8392abef6
2015-03-28 11:26:15 -07:00
Elliott Hughes 747383649c Fix clang build by removing unused locals.
Also don't manually set FD_CLOEXEC on a socket that's always opened
with SOCK_CLOEXEC. (None of the other callers to the function do this.)

Also move locals to where they're first used to help prevent more of this
kind of breakage.

Change-Id: I1ba7cd9400f53508dffb51a2bbf9d491ae647f26
2015-03-28 10:51:23 -07:00
Elliott Hughes da40c00137 Log more timing information from init.
Also make important events in init's life NOTICE rather than INFO,
and ensure that NOTICE events actually make it to the kernel log.

Also fix the logging so that if you have a printf format string
error, the compiler now catches it.

Also give messages from init, ueventd, and watchdogd distinct tags.
(Previously they'd all call themselves "init", and dmesg doesn't
include pids, so you couldn't untangle them.)

Also include the tag in SELinux messages.

Bug: 19544788
Change-Id: Ica6daea065bfdb80155c52c0b06f346a7df208fe
2015-03-28 00:25:22 -07:00
Mark Salyzyn 7a3d66c9eb init: missing break statement
Change-Id: Iac4a19c404590c3faba6021c7e537b01805c2d45
2015-03-24 07:29:22 -07:00
Elliott Hughes 930974cedf Add missing parenthesis in init log message.
Change-Id: Iddcd8a002bfc692b1e70d59fa8c6530306c500fa
2015-03-23 08:07:19 -07:00
Sami Tolvanen 8d6ea4bed4 Fix the number of arguments for verity commands
Neither of the built-in verity state commands accept arguments, so
set the number of required arguments to zero.

Change-Id: Id57fe671b6b82eaf1e43b8ed7ff9d1e502ada5bd
2015-03-22 12:41:46 +00:00